In this digital era, our privacy is under constant threat as our personal data and traceable online/offline activities are frequently collected, processed and transferred by many software applications. Privacy attacks are often carried out by exploiting vulnerabilities in those software applications. The Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) systems are currently the main sources that software engineers rely on for understanding and preventing publicly disclosed software vulnerabilities. However, our study of all 922 weaknesses in the CWE and the 156,537 vulnerabilities registered in the CVE to date has found very small coverage of privacy-related vulnerabilities in both systems: only 4.45% in CWE and 0.1% in CVE. These entries also cover only a small number of the privacy threat areas raised in existing privacy software engineering research, privacy regulations and frameworks, and relevant reputable organisations. The actionable insights generated from our study led to the introduction of 11 new common privacy weaknesses to supplement the CWE system, making it a source for both security and privacy vulnerabilities.